Does 'IsInRole()' check against Active Directory groups?

Discussion in 'ASP .Net Security' started by Craig Vedur, Aug 28, 2005.

  1. Craig Vedur

    Craig Vedur Guest

    I need to build in some role authentication for a web app... so, going to
    use the web.config to build my rules for the location files.

    my question is.. does anyone know?

    on my development box (out of work), i'm out XP Pro... and i've created
    some groups and users to test it...

    in the real deal, it's going to be Win 2003 Server using Active
    Directory..... Obviously, i dont have AD on XP Pro..... Is it the same
    thing? Will it work the same?

    Will web.config be able to recognize the groups that a user belongs to to
    correctly authorize viewing a page based on role authentication?


    So, will IsInRole() check against groups created in Active Directory on
    Win2003 Server?
     
    Craig Vedur, Aug 28, 2005
    #1
    1. Advertising

  2. Yes. It depends on how users are being authenticated by IIS and how you
    have ASP.NET configured, but if your web server is a member of a domain that
    can authenticate users in your target domain and you have ASP.NET configured
    for Windows authentication, IsInRole will answer true/false for the user's
    domain groups.

    Joe K.

    "Craig Vedur" <> wrote in message
    news:...
    >I need to build in some role authentication for a web app... so, going
    >to
    > use the web.config to build my rules for the location files.
    >
    > my question is.. does anyone know?
    >
    > on my development box (out of work), i'm out XP Pro... and i've created
    > some groups and users to test it...
    >
    > in the real deal, it's going to be Win 2003 Server using Active
    > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
    > same
    > thing? Will it work the same?
    >
    > Will web.config be able to recognize the groups that a user belongs to to
    > correctly authorize viewing a page based on role authentication?
    >
    >
    > So, will IsInRole() check against groups created in Active Directory on
    > Win2003 Server?
     
    Joe Kaplan \(MVP - ADSI\), Aug 29, 2005
    #2
    1. Advertising

  3. Craig Vedur

    Pat Guest

    Thats true as Joe adviced.
    You can check my blog here for more info(There should be a blog relating to
    Role Bases Auth).
    http://spaces.msn.com/members/naijacoder/
    Patrick


    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:%...
    > Yes. It depends on how users are being authenticated by IIS and how you
    > have ASP.NET configured, but if your web server is a member of a domain

    that
    > can authenticate users in your target domain and you have ASP.NET

    configured
    > for Windows authentication, IsInRole will answer true/false for the user's
    > domain groups.
    >
    > Joe K.
    >
    > "Craig Vedur" <> wrote in message
    > news:...
    > >I need to build in some role authentication for a web app... so, going
    > >to
    > > use the web.config to build my rules for the location files.
    > >
    > > my question is.. does anyone know?
    > >
    > > on my development box (out of work), i'm out XP Pro... and i've

    created
    > > some groups and users to test it...
    > >
    > > in the real deal, it's going to be Win 2003 Server using Active
    > > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
    > > same
    > > thing? Will it work the same?
    > >
    > > Will web.config be able to recognize the groups that a user belongs to

    to
    > > correctly authorize viewing a page based on role authentication?
    > >
    > >
    > > So, will IsInRole() check against groups created in Active Directory on
    > > Win2003 Server?

    >
    >
     
    Pat, Aug 29, 2005
    #3
  4. Craig Vedur

    Craig Vedur Guest

    Thanks Joe, this worked. I have another question.

    Initially, i had a login page on my app and used
    System.DirectoryServices.dll to query AD to authenticate a user / pass.

    However, it appears that .NET handles this all for me if i disable anonymous
    access and use the integerated windows auth. Is this true?

    My app poped up a login screen for user / pass / domain.



    "Joe Kaplan (MVP - ADSI)" wrote:

    > Yes. It depends on how users are being authenticated by IIS and how you
    > have ASP.NET configured, but if your web server is a member of a domain that
    > can authenticate users in your target domain and you have ASP.NET configured
    > for Windows authentication, IsInRole will answer true/false for the user's
    > domain groups.
    >
    > Joe K.
    >
    > "Craig Vedur" <> wrote in message
    > news:...
    > >I need to build in some role authentication for a web app... so, going
    > >to
    > > use the web.config to build my rules for the location files.
    > >
    > > my question is.. does anyone know?
    > >
    > > on my development box (out of work), i'm out XP Pro... and i've created
    > > some groups and users to test it...
    > >
    > > in the real deal, it's going to be Win 2003 Server using Active
    > > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
    > > same
    > > thing? Will it work the same?
    > >
    > > Will web.config be able to recognize the groups that a user belongs to to
    > > correctly authorize viewing a page based on role authentication?
    > >
    > >
    > > So, will IsInRole() check against groups created in Active Directory on
    > > Win2003 Server?

    >
    >
    >
     
    Craig Vedur, Aug 29, 2005
    #4
  5. Yes, definitely use the built in stuff if you can.

    Generally, people do forms auth against AD if there is a technical or policy
    problem with making the web server a domain member or someone really wants
    forms auth and wants to torture their devs. The Ldap-based
    MembershipProvider thing in .NET 2.0 should simplify this more though.

    Joe K.

    "Craig Vedur" <> wrote in message
    news:...
    > Thanks Joe, this worked. I have another question.
    >
    > Initially, i had a login page on my app and used
    > System.DirectoryServices.dll to query AD to authenticate a user / pass.
    >
    > However, it appears that .NET handles this all for me if i disable
    > anonymous
    > access and use the integerated windows auth. Is this true?
    >
    > My app poped up a login screen for user / pass / domain.
    >
    >
    >
    > "Joe Kaplan (MVP - ADSI)" wrote:
    >
    >> Yes. It depends on how users are being authenticated by IIS and how you
    >> have ASP.NET configured, but if your web server is a member of a domain
    >> that
    >> can authenticate users in your target domain and you have ASP.NET
    >> configured
    >> for Windows authentication, IsInRole will answer true/false for the
    >> user's
    >> domain groups.
    >>
    >> Joe K.
    >>
    >> "Craig Vedur" <> wrote in message
    >> news:...
    >> >I need to build in some role authentication for a web app... so,
    >> >going
    >> >to
    >> > use the web.config to build my rules for the location files.
    >> >
    >> > my question is.. does anyone know?
    >> >
    >> > on my development box (out of work), i'm out XP Pro... and i've
    >> > created
    >> > some groups and users to test it...
    >> >
    >> > in the real deal, it's going to be Win 2003 Server using Active
    >> > Directory..... Obviously, i dont have AD on XP Pro..... Is it the
    >> > same
    >> > thing? Will it work the same?
    >> >
    >> > Will web.config be able to recognize the groups that a user belongs to
    >> > to
    >> > correctly authorize viewing a page based on role authentication?
    >> >
    >> >
    >> > So, will IsInRole() check against groups created in Active Directory on
    >> > Win2003 Server?

    >>
    >>
    >>
     
    Joe Kaplan \(MVP - ADSI\), Aug 30, 2005
    #5
  6. Craig Vedur

    Pat Guest

    Thats true actually i just came across this article here at:-
    http://blogs.msdn.com/gduthie/archive/2005/08/17/452905.aspx
    using MembershipProvider thing in .NET 2.0 .
    Patrick



    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > Yes, definitely use the built in stuff if you can.
    >
    > Generally, people do forms auth against AD if there is a technical or

    policy
    > problem with making the web server a domain member or someone really wants
    > forms auth and wants to torture their devs. The Ldap-based
    > MembershipProvider thing in .NET 2.0 should simplify this more though.
    >
    > Joe K.
    >
    > "Craig Vedur" <> wrote in message
    > news:...
    > > Thanks Joe, this worked. I have another question.
    > >
    > > Initially, i had a login page on my app and used
    > > System.DirectoryServices.dll to query AD to authenticate a user / pass.
    > >
    > > However, it appears that .NET handles this all for me if i disable
    > > anonymous
    > > access and use the integerated windows auth. Is this true?
    > >
    > > My app poped up a login screen for user / pass / domain.
    > >
    > >
    > >
    > > "Joe Kaplan (MVP - ADSI)" wrote:
    > >
    > >> Yes. It depends on how users are being authenticated by IIS and how

    you
    > >> have ASP.NET configured, but if your web server is a member of a domain
    > >> that
    > >> can authenticate users in your target domain and you have ASP.NET
    > >> configured
    > >> for Windows authentication, IsInRole will answer true/false for the
    > >> user's
    > >> domain groups.
    > >>
    > >> Joe K.
    > >>
    > >> "Craig Vedur" <> wrote in message
    > >> news:...
    > >> >I need to build in some role authentication for a web app... so,
    > >> >going
    > >> >to
    > >> > use the web.config to build my rules for the location files.
    > >> >
    > >> > my question is.. does anyone know?
    > >> >
    > >> > on my development box (out of work), i'm out XP Pro... and i've
    > >> > created
    > >> > some groups and users to test it...
    > >> >
    > >> > in the real deal, it's going to be Win 2003 Server using Active
    > >> > Directory..... Obviously, i dont have AD on XP Pro..... Is it

    the
    > >> > same
    > >> > thing? Will it work the same?
    > >> >
    > >> > Will web.config be able to recognize the groups that a user belongs

    to
    > >> > to
    > >> > correctly authorize viewing a page based on role authentication?
    > >> >
    > >> >
    > >> > So, will IsInRole() check against groups created in Active Directory

    on
    > >> > Win2003 Server?
    > >>
    > >>
    > >>

    >
    >
     
    Pat, Aug 31, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Caspy
    Replies:
    3
    Views:
    3,582
    Sean M
    Aug 4, 2005
  2. rote
    Replies:
    2
    Views:
    504
  3. Mike

    Distribution groups & IsInRole & Windows Auth

    Mike, Sep 1, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    154
    Joe Kaplan \(MVP - ADSI\)
    Sep 1, 2004
  4. Craig Vedur
    Replies:
    3
    Views:
    218
    Patrick.O.Ige
    Oct 31, 2005
  5. rote
    Replies:
    4
    Views:
    263
Loading...

Share This Page